DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.
Prev
Next

DNN vendor accreditation?

Forums > Modules and Other Extensions
Sort:
You are not authorized to post a reply.





DNNDude

Growing Member



Posts:47
Growing Member




7/25/2020 10:18 PM

    A recent post got me thinking about DNN security and vendor accreditation.

    Does DNN have any sort of vendor accreditation scheme where solutions are independently verified, or at least conform to DNN / industry best-practice?  Using the DAL, SQL, event logging, indexing, installing/uninstalling cleanly etc.

    Even basics like digital code-signing certificates, encryption/security best practice.  eg. Using password hashing, SHA256+, AES for string encryption etc.

     






    Joe Craig

    Veteran Member



    Posts:1236
    Veteran Member




    7/25/2020 10:44 PM
      Again, "DNN" is a fairly broad term.

      The closest thing that comes to mind is the list of "Evoq Preferred Products" on the DNN Store. That designation only says that the products "work with Evoq products on all supported deployment platforms." and that you can have confidence that "the product meets quality standards and is sold by an established vendor."

      The list of vendors is a good one. There are other very good vendors not on that list.

      The "DNN Community" doesn't certify modules. In fact, as an open source product, DNN Platform isn't certified by anyone and, like most similar products, isn't warranted for anything other than what is stated in the license agreement.

      But, the great thing about the DNN Community (and other similar communities) is that you can ask around, ask questions, and get a feeling as to which developers are trusted by the community at large.

      And, as an example, two summers ago there was a fairly severe problem identified across a large number of modules and (if my memory is working) DNN itself. Products were pulled from the DNN Store, and security fixes were released. I use that example to make the point that the DNN Community (and also DNN Corp in that example) take such issue seriously.

      If you have specific questions, please ask them in these forums. If you have security issues, please report them to the DNN security team. If you have bugs, suggestions, wish list items, etc. you can use GitHub to report them. That also includes processes. We can all help advance things, and getting actively involved is one of the best ways to do that.

      I hope this helps.
      Joe Craig
      DNN MVP
      Patapsco Research Group
      You are not authorized to post a reply.

      These Forums are dedicated to the discussion of DNN Platform.

      For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

      1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
      2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
      3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
      4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
      5. No Flaming or Trolling.
      6. No Profanity, Racism, or Prejudice.
      7. Site Moderators have the final word on approving / removing a thread or post or comment.
      8. English language posting only, please.

      Would you like to help us?

      Awesome! Simply post in the forums using the link below and we'll get you started.

      Get Involved